Am new here and need help with virus/spyware

Discussion in 'General Computer Support' started by cm punk, Nov 8, 2006.

  1. cm punk

    cm punk

    Joined:
    Nov 8, 2006
    Messages:
    1
    Hi ive downloaded a few things like spyware terminator and spyware doctor and it got rid of alot of crap but the one that is still wrecking my computer is still on here, it will change webpages when i click a link, it freezes the screen, it starts to go slow its annoying as hell, one of the scans brought up the name searchterror.com but i dont know if its that, i went to Hijackthis and did a scan,now this is where am not good i need someone with the knowledge of knowing what to delete please someone help me. Thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 09:43:11, on 08/11/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    c:\windows\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    c:\windows\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Documents and Settings\Admin\Start Menu\Programs\Startup\xqiyr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Admin\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
    R3 - URLSearchHook: (no name) - {749C6DE7-E327-6CC8-6CFF-C13FFFC2B823} - bingo9.dll (file missing)
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {f250d521-225d-4d6b-8829-e064f944e180} - C:\WINDOWS\System32\nwaa.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - Startup: xqiyr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: BlueSoleil.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0691DD64-43AC-4FC0-933D-0F53578D2D17}: NameServer = 85.255.113.106,85.255.112.167
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28A34726-4249-46D3-B78A-90EE51171AA5}: NameServer = 85.255.113.106,85.255.112.167
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3411D5E1-802C-46E0-BBB8-8D2BC8AA8F79}: NameServer = 85.255.113.106,85.255.112.167
    O17 - HKLM\System\CCS\Services\Tcpip\..\{519A61B5-4C61-45BD-8469-35F1E0AF8D45}: NameServer = 85.255.113.106,85.255.112.167
    O17 - HKLM\System\CCS\Services\Tcpip\..\{89A4BBEC-29AD-4F1D-BF52-F47814AC538F}: NameServer = 85.255.113.106,85.255.112.167
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD25CB94-1EFB-4BD6-9199-DDE87A985F73}: NameServer = 85.255.113.106,85.255.112.167
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0691DD64-43AC-4FC0-933D-0F53578D2D17}: NameServer = 85.255.113.106,85.255.112.167
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0691DD64-43AC-4FC0-933D-0F53578D2D17}: NameServer = 85.255.113.106,85.255.112.167
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
    cm punk, Nov 8, 2006
    #1
    1. Advertising

  2. cm punk

    bigal

    Joined:
    Jul 1, 2005
    Messages:
    1,483
    Location:
    Northern Virginia, USA
    I would either wipe the drive and reinstall Windows / all your applications, or I would seriously consider trying Spy Sweeper with it's new anti-virus upgrade. Norton should have stopped what got into your machine, unless it was considered spy-ware. A free program that works pretty well is Spy Bot Search and Destroy. However, I am really happy with Spy Sweeper. When it's on sale, you can get it for about $20 USD.
     
    bigal, Nov 13, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. drackon
    Replies:
    3
    Views:
    463
    trout
    Aug 22, 2003
  2. Phil B

    Virus, Virus, Virus.....

    Phil B, Sep 22, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    611
    DaveW
    Sep 22, 2003
  3. pcbutts1

    Re: Need Help with virus/spyware

    pcbutts1, Jul 22, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    714
    Gabriele Neukam
    Jul 22, 2005
  4. EW105
    Replies:
    5
    Views:
    364
    Mitch
    Nov 19, 2005
  5. Muse Gruppes

    Need help regarding anti-spyware/virus products...

    Muse Gruppes, Jul 23, 2006, in forum: Computer Support
    Replies:
    3
    Views:
    398
    Ponder
    Jul 24, 2006
Loading...

Share This Page